W32.Tupse


Aliases: N/A
Variants: N/A

Classification: Malware
Category: Computer Worm

Status: Active & Spreading
Spreading: Moderate
Geographical info: Asia, North and South America, and some parts of Europe and Australia
Removal: Easy
Platform: W32
Discovered: 08 May 2007
Damage: Low

Characteristics: W32.Tupse spreads through mapped drives. The infection length is 608,768 bytes. Affected systems include Windows 95, Windows 2000, Windows Me, Windows 98, Windows Server 2003, Windows NT, and Windows XP.

More details about W32.Tupse

Once executed, W32.Tupse creates the files %System%\avwav32.dll, %DriveLetter%\MSSETUP.T~~\Folder.htt, %System%\kspool.exe, and %DriveLetter%\MSSETUP.T~~\Uninstall Driver.exe. The worm then creates a registry entry so that it runs each time Windows starts. The worm allows a user at a remote location to act as the system’s administrator. The remote user can send commands to the worm through IRC (Internet Relay Chat) channels. The remote user is capable of downloading and executing files and programs, removing important files from the affected computer, and starting or participating in web attacks against various servers. The worm can also gather information about the affected computer. This includes the RAM (Random Access Memory), the user’s IP (Internet Protocol) address, the operating system, and the programs that are installed on the user’s computer. The user’s PII (Personally Identifiable Information) can also be transmitted to the remote user.
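The dropped files listed above can be checked for on a live system or on a mounted disk image. The following is an added example, not part of the original write-up: the function names and the demo directory tree are constructed, and the caller supplies the real %System% directory and drive roots. Matching ignores case so the sweep also works when an image is examined from a case-sensitive analysis host.

```python
import os
import tempfile

# Dropped-file paths as listed on this page, relative to %System% / a drive root.
SYSTEM_FILES = ["avwav32.dll", "kspool.exe"]
DRIVE_FILES = ["MSSETUP.T~~\\Folder.htt", "MSSETUP.T~~\\Uninstall Driver.exe"]


def find_ci(base, relative):
    """Resolve a Windows-style relative path under base, ignoring case.
    Returns the on-disk path of an existing regular file, else None."""
    current = base
    for part in relative.split("\\"):
        try:
            entries = os.listdir(current)
        except OSError:  # missing, unreadable, or not a directory
            return None
        match = next((e for e in entries if e.lower() == part.lower()), None)
        if match is None:
            return None
        current = os.path.join(current, match)
    return current if os.path.isfile(current) else None


def sweep(system_dir, drive_roots):
    """Return the sorted artifact paths found under the given roots."""
    targets = [(system_dir, name) for name in SYSTEM_FILES]
    targets += [(root, rel) for root in drive_roots for rel in DRIVE_FILES]
    hits = (find_ci(base, rel) for base, rel in targets)
    return sorted(h for h in hits if h)


def demo():
    """Sweep a constructed tree (sample data, not a real infection)."""
    with tempfile.TemporaryDirectory() as tmp:
        system = os.path.join(tmp, "WINDOWS", "system32")
        drive = os.path.join(tmp, "E")
        os.makedirs(system)
        os.makedirs(os.path.join(drive, "mssetup.t~~"))
        for path in (os.path.join(system, "KSPOOL.EXE"),
                     os.path.join(drive, "mssetup.t~~", "folder.htt")):
            open(path, "w").close()
        return [os.path.relpath(p, tmp) for p in sweep(system, [drive])]


if __name__ == "__main__":
    print(demo())
```

A file name match alone is a lead, not a verdict; the registry run entry the page mentions is not named there, so it is not checked here.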

This malware may open an unused port on the infected machine to connect to a remote server and update its files and components. It was speculated that the malware may be capable of downloading random applications from a Web server and installing them on the compromised computer. Expert users claimed that the malicious programs are installed in the system's memory. It may hide itself by showing no visible window or process in Windows Task Manager. It was believed that this function of W32.Tupse may cause the system to slow down. The continuous installation of dropped programs, as well as their activity on the machine, may consume a large amount of system resources, causing the machine to slow down or freeze.